Over the last few months, during the COVID-19 stay at home, hackers have really stepped up their efforts to compromise users on cloud services like Office (Microsoft) 365. They understand that as more people work from home they are also probably more vulnerable, due to a multitude of factors; Office 365 is a popular target because it is the go-to platform for many organizations. By compromising an Office 365 user, the hackers get within the virtual walls of an organization. From there, they can launch attacks to steal information or money from the organization or its customers.
Office 365 is an awesome platform with lots of features and options to help protect you against the bad guys. The problem is that Office 365 also has lots of features and options that are not configured by default. If your organization doesn’t have the resources or the expertise to properly implement any of the Microsoft or third-party protections, it is probably not a question of if, but when, your organization becomes a target and victim. Even being properly protected doesn’t 100% protect you from being a target, but it does greatly reduce the chances of your organization becoming a victim.
Here are some quick tips and information to get your organization to at least a good starting point for protecting your Office 365 users.
- Determine whether legacy protocols such as POP3 and IMAP4 are being used to access email. If they are, migrate those users to Outlook Web Access or Outlook Anywhere.
  - POP3 and IMAP4 are legacy protocols that bypass protection mechanisms such as MFA.
  - POP3 and IMAP4 don’t support modern authentication, and the credentials they use are easier to compromise on the user’s computer.
- By default, Office 365 has a password change policy in place, but we find that many organizations disable it. Do NOT disable this policy.
  - If you use Azure AD Connect to synchronize your users and their passwords between your on-premises AD and Azure AD, make sure you create a password group policy that enforces password changes in your on-premises AD.
  - Passwords should meet the minimum requirements of at least 10 characters (the Office 365 default is 8), one number, one uppercase letter, one lowercase letter, and at least one symbol character.
  - Passwords should be changed at least every 90 days.
  - If passwords are set to never expire, then multi-factor authentication is a must.
- Ensure that you have backups of your Office 365 data (mailboxes, OneDrive, SharePoint, Teams).
  - Microsoft does not back up your data for you. Microsoft’s backups exist for Microsoft’s own purposes, and when you have an incident they are not there to restore your data.
  - Get a good third-party backup system for your Office 365 assets.
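As an added example that is not part of the original post, the following PowerShell shows how an administrator can act on the POP3/IMAP4 tip above: list every Exchange Online mailbox that still has either legacy protocol enabled, keep a record, and then turn the protocols off. It assumes the ExchangeOnlineManagement module is installed and that the signed-in account has Exchange administrator rights; the CSV file name is an assumption.

```powershell
# Added example (not code from the original post). Assumes the
# ExchangeOnlineManagement module and an Exchange administrator account.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in, works with an MFA-protected admin account

# 1. Find every mailbox where POP3 or IMAP4 is still switched on.
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled } |
    Select-Object DisplayName, PrimarySmtpAddress, PopEnabled, ImapEnabled

# 2. Record the list before changing anything. Whether these mailboxes are
#    actually being accessed over POP3/IMAP4 is visible in the Azure AD
#    sign-in logs (filter on the client app); review that before disabling.
$legacy | Export-Csv -Path .\legacy-protocol-mailboxes.csv -NoTypeInformation   # file name is an assumption
"{0} mailbox(es) still allow POP3 or IMAP4" -f @($legacy).Count

# 3. Once the affected users are on Outlook Web Access / Outlook Anywhere,
#    disable both protocols per mailbox. -WhatIf makes this a dry run;
#    remove it to apply the change.
$legacy | ForEach-Object {
    Set-CASMailbox -Identity $_.PrimarySmtpAddress -PopEnabled $false -ImapEnabled $false -WhatIf
}

# 4. Make the hardened setting the default for mailboxes created later,
#    so new users do not come back with the protocols enabled.
Get-CASMailboxPlan | ForEach-Object {
    Set-CASMailboxPlan -Identity $_.Identity -PopEnabled $false -ImapEnabled $false
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run step 1 and 2 first and review the CSV with the business owners of any affected mailboxes; step 3 only applies once -WhatIf is removed.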
Multi-Factor Authentication (MFA)
- MFA adds a layer of protection to Office 365 accounts by requiring each user to acknowledge, through an app, that it is really them logging into their Office 365 account for services such as Outlook and Teams.
- We recommend that password changes and MFA be used together.
- MFA is offered for administrator accounts without an extra license; make sure you enable it for your admins.
- MFA is recommended for all users, but it does require extra licenses.
Educate your staff
- Communicate with the entire organization that hacking attacks are on the rise.
- If an email seems unusual, call the person who sent it to validate that it really came from them. Unusual means a request for very specific information involving accounts, money, client information, passwords, etc.
- If you have not done so already, educate your staff about phishing attempts and what they look like.
Shing Digital takes the cybersecurity protection of your Office 365 and cloud resources seriously. These recommendations only scratch the surface of how to properly protect your organization. Contact us and we can have a conversation about what we can do for your organization.